# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, lib, ... }: let lock-false = { Value = false; Status = "locked"; }; lock-true = { Value = true; Status = "locked"; }; lock-empty-string = { Value = ""; Status = "locked"; }; in { imports = [ ./hardware.nix # inputs.home-manager.nixosModules.home-manager ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "yerukall"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # Enable networking networking.networkmanager.enable = true; # Set your time zone. time.timeZone = "Europe/Berlin"; # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; i18n.extraLocaleSettings = { LC_ADDRESS = "de_DE.UTF-8"; LC_IDENTIFICATION = "de_DE.UTF-8"; LC_MEASUREMENT = "de_DE.UTF-8"; LC_MONETARY = "de_DE.UTF-8"; LC_NAME = "de_DE.UTF-8"; LC_NUMERIC = "de_DE.UTF-8"; LC_PAPER = "de_DE.UTF-8"; LC_TELEPHONE = "de_DE.UTF-8"; LC_TIME = "de_DE.UTF-8"; }; # Enable the X11 windowing system. services.xserver.enable = true; # Enable the KDE Plasma Desktop Environment. services.displayManager.sddm.enable = true; services.desktopManager.plasma6.enable = true; # Configure keymap services.xserver.xkb = { variant = "caps:swapescape"; layout = "de,us,dv2"; extraLayouts.dv2 = { description = "German Dvorak Type 2"; languages = [ "de" ]; symbolsFile = ./symbols/dv2; }; }; # Configure console keymap console.keyMap = "de"; # Enable CUPS to print documents. services.printing.enable = true; # Enable sound with pipewire. sound.enable = true; hardware.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; # If you want to use JACK applications, uncomment this #jack.enable = true; # use the example session manager (no others are packaged yet so this is enabled by default, # no need to redefine it in your config for now) #media-session.enable = true; }; # Enable Bluetooth Support hardware.bluetooth.enable = true; # services.blueman.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.kb-work = { isNormalUser = true; description = "kb-work"; extraGroups = [ "networkmanager" "wheel" ]; packages = with pkgs; [ kate thunderbird keepassxc globalprotect-openconnect vscodium logseq ungoogled-chromium zed-editor # Editor ]; }; services.syncthing = { enable = true; configDir = "/home/kb-work/.config/syncthing"; }; services.pcscd.enable = true; programs.gnupg.agent = { # enable = true; pinentryPackage = pkgs.lib.mkForce pkgs.pinentry-qt; }; programs.firefox = { enable = true; nativeMessagingHosts.packages = [ pkgs.firefoxpwa ]; policies = { # --------- Privacy --------- DisableTelemetry = true; DisableFirefoxStudies = true; DisablePocket = true; DisableFirefoxAccounts = true; AutofillAddressEnabled = false; AutofillCreditCardEnabled = false; OfferToSaveLogins = false; FirefoxHome.TopSites = false; FirefoxHome.SponsoredTopSites = false; Preferences = { "browser.newtabpage.pinned" = lock-empty-string; "browser.topsites.contile.enabled" = lock-false; }; # -------- Opiniated -------- DontCheckDefaultBrowser = true; DisableProfileImport = true; SearchBar = "unified"; SearchEngines.Add = [ # Only Available in ESR Releases https://mozilla.github.io/policy-templates/#searchengines--add { Name = "Brave"; URLTemplate = "https://search.brave.com/search?q={SearchTerms}"; Alias = "br"; } ]; ExtensionSettings = { # See https://mozilla.github.io/policy-templates/#extensionsettings "extension@tabliss.io" = { install_url = "https://addons.mozilla.org/firefox/downloads/file/3940751/tabliss-2.6.0.xpi"; installation_mode = "normal_installed"; }; "gdpr@cavi.au.dk" = { install_url = "https://addons.mozilla.org/firefox/downloads/file/4246350/consent_o_matic-1.0.13.xpi"; installation_mode = "normal_installed"; }; "uBlock0@raymondhill.net" = { install_url = "https://addons.mozilla.org/firefox/downloads/file/4261710/ublock_origin-1.57.2.xpi"; installation_mode = "normal_installed"; }; "keepassxc-browser@keepassxc.org" = { install_url = "https://addons.mozilla.org/firefox/downloads/file/4257616/keepassxc_browser-1.9.0.3.xpi"; installation_mode = "normal_installed"; }; "offline-qr-code@rugk.github.io" = { install_url = "https://addons.mozilla.org/firefox/downloads/file/3870992/offline_qr_code_generator-1.8.xpi"; installation_mode = "normal_installed"; }; "addon@darkreader.org" = { install_url = "https://addons.mozilla.org/firefox/downloads/file/4262984/darkreader-4.9.83.xpi"; installation_mode = "normal_installed"; }; "firefoxpwa@filips.si" = { install_url = "https://addons.mozilla.org/firefox/downloads/file/4252822/pwas_for_firefox-2.11.1.xpi"; installation_mode = "normal_installed"; }; }; Bookmarks = [ { Title = "Syncthing"; URL = "localhost:8384"; Placement = "toolbar"; } ]; }; # profiles.default = { # id = 0; # name = "default"; # isDefault = true; # path = "/home/spiegelma/.mozilla/firefox/m9zcjjpu.default"; # }; # profiles.work = { # id = 1; # name = "work"; # isDefault = false; # search = { # force = true; # default = "Brave"; # order = [ "Brave" "StartPage" "DuchDuckGo" "Google" "Bing"]; # engines = { # "Brave" = { # urls = [{ template = "https://search.brave.com/search?q={searchTerms}"; }]; # iconUpdateURL = "https://cdn.search.brave.com/serp/v2/_app/immutable/assets/brave-search-icon.CsIFM2aN.svg"; # updateInterval = 24 * 60 * 60 * 1000; # every day # }; # "StartPage" = { # urls = [{ template = "https://www.startpage.com/sp/search?query={searchTerms}"; }]; # iconUpdateURL = "https://www.startpage.com/sp/cdn/favicons/favicon-16x16-gradient.png"; # updateInterval = 24 * 60 * 60 * 1000; # every day # }; # }; # }; # bookmarks = [ # { # name = "work"; # toolbar = true; # bookmarks = [ # { # name = "ohmportal"; # url = "https://my.ohmportal.de/"; # } # ]; # } # { # name = "nixos"; # toolbar = true; # bookmarks = [ # { # name = "nix Packages"; # url = "https://search.nixos.org/packages?channel=unstable"; # } # { # name = "nix Options"; # url = "https://search.nixos.org/options?channel=unstable"; # } # { # name = "home Options"; # url = "https://nix-community.github.io/home-manager/options.xhtml"; # } # ]; # } # ]; # }; }; programs.chromium = { enable = true; extensions = [ "cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin ]; defaultSearchProviderEnabled = true; defaultSearchProviderSearchURL = "https://search.brave.com/search?q={searchTerms}"; }; # Configure Nix nixpkgs.config.allowUnfree = true; nixpkgs.config.permittedInsecurePackages = [ "electron-28.3.3" ]; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. wget git grim # screenshot functionality slurp # screenshot functionality wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout mako # notification system developed by swaywm maintainer btop starship openconnect firefoxpwa gnupg pinentry-qt ]; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; # programs.gnupg.agent = { # enable = true; # enableSSHSupport = true; # }; # enable sway window manager programs.sway = { enable = true; wrapperFeatures.gtk = true; }; # start SSH Agent programs.ssh.startAgent = true; # List services that you want to enable: # Enable the OpenSSH daemon. # services.openssh.enable = true; services.globalprotect.settings = { "vpn.ohmportal.de" = { openconnect-args = "--protocol gp --disable-ipv6"; }; }; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.11"; # Did you read the comment? }